[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The new Social Contract and releasing Sarge

On Wed, Apr 28, 2004 at 11:28:34PM -0600, Jamin W. Collins wrote:
> On Thu, Apr 29, 2004 at 01:11:18AM +0100, Colin Watson wrote:
> > For instance, fixing #211640 requires me to change
> > openssh_*.orig.tar.gz so that it no longer matches the GPG signature
> > distributed alongside the OpenSSH source distribution by its
> > developers, which for a piece of security-critical infrastructure I
> > feel would be a great shame. (I suppose I should at least remove
> > that document from the binary package, though; in fact, I've just
> > done that in CVS.)
[...]
> I'm not sure that the above change in anyway corrects the actual problem
> since the orig.tar.gz contains non-free items, and thus should not be in
> main.

If I thought it fixed the problem, I would have uploaded it and closed
the bug, wouldn't I? No. However, removing it from the binary package
will let me hear if there are user complaints earlier, in which case
I'll need to come up with user documentation.

Package maintenance is a little more than just removing stuff ...

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: